Ansible小结（三）---基本使用

为客户端机器分发key

1、配置hosts文件

cat /etc/ansible/hosts 
[test]
192.168.10.101 ansible_user=root ansible_ssh_pass='123456'

此处我用的是root用户，密码为123456，此处配置用户名和密码后，控制机就可以访问客户端的机器了。但是为了安全起见，分发key结束后，要删除此处的user和pass。

2、控制机配置key

[root@Server .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7sOnF9YRv5FJ31PIfCNeW7p2IMKvIX6nKHnPuvgmeOw root@Server.ifeng.com
The key's randomart image is:
+---[RSA 2048]----+
|             o . |
|            ..=o+|
|         .  .+o**|
|          o o.Boo|
|        S  + o =.|
|       .. + o + .|
|     o +.o + . . |
|    . *o*o= .    |
|     oE*BX+o     |
+----[SHA256]-----+

　[root@Server salt]# ll /root/.ssh/
  total 8
  -rw------- 1 root root 668 May 22 21:46 id_dsa
  -rw-r--r-- 1 root root 611 May 22 21:46 id_dsa.pub

3、将key分发给客户端机器

[root@Server playbooks]# cat push.ssh.ymal 
- hosts: test
  user: root
  tasks:
   - name: ssh-copy
     authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
     tags:
       - sshkey

  [root@Server playbooks]# ansible-playbook push.ssh.ymal

  PLAY [test] ************************************************************************************************************************************************************************************************************    TASK [Gathering Facts] *************************************************************************************************************************************************************************************************    ok: [192.168.10.101]

  TASK [ssh-copy] ********************************************************************************************************************************************************************************************************
  changed: [192.168.10.101]

  PLAY RECAP **************************************************************************************************************************************************************************************************************
  192.168.10.101 : ok=2 changed=1 unreachable=0 failed=0

此处采用了playbook的authorized_key模块，来分发key，后面来介绍playbook相关

4、删除hosts中的user和pass并测试客户端

[root@Server playbooks]# cat /etc/ansible/hosts |grep test -A 2
[test]
#192.168.10.101 ansible_user=root ansible_ssh_pass='123456'
192.168.10.101
[root@Server playbooks]# ansible all -m command -a "w"
192.168.10.101 | SUCCESS | rc=0 >>
 23:41:49 up 4 days,  4:49,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.10.1     21:47    4:53   0.19s  0.04s -bash
root     pts/1    192.168.10.100   23:41    0.00s  0.24s  0.17s

至此，通过ansible向客户端分发key就完成了。